# Block Ciphers: AES and Security Mechanisms

## Introduction

Block ciphers are fundamental tools in symmetric-key cryptography, offering data security by encrypting fixed-size blocks of plaintext using a symmetric key. Among these, the Advanced Encryption Standard (AES) is the most widely adopted, approved by NIST in 2001 as a replacement for DES [1]. AES is celebrated for its strong security, efficiency in both hardware and software, and resistance to known cryptanalytic attacks. It operates on 128-bit blocks and supports key sizes of 128, 192, or 256 bits.

This report explores the core architecture and transformation steps of AES encryption. We also evaluate the algorithm’s strength through Shannon's principles of confusion and diffusion, using bit-flipping and Hamming distance analysis to quantify AES’s resistance to differential attacks [2].

In [1]:
from aes import AES

from diffusion_confusion import flip_bit, hamming_distance
from diffusion_confusion import aes_diffusion, aes_confusion

In [2]:
type(AES(b'b\x07\xc2\xd3/\xcf\xfa\xdaSl\x81+\xa3Y\xcc\xd6').key_expansion())

bytes

## AES 

AES encryption consists of a series of rounds *(10 for 128-bit keys)* in which the input block undergoes a sequence of transformations. These transformations provide both non-linearity and mixing, critical to cryptographic strength. Each round involves:

In [2]:
key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
plaintext = bytes.fromhex("3243f6a8885a308d313198a2e0370734")

aes = AES(key)
round_keys = aes.key_expansion()

# Round key 0
print("Round Key 0:")
for row in round_keys[0]:
    print(" ".join(f"{b:02x}" for b in row))



print("\nRound Key 1:")
for row in round_keys[1]:
    print(" ".join(f"{b:02x}" for b in row))


Round Key 0:
2b 28 ab 09
7e ae f7 cf
15 d2 15 4f
16 a6 88 3c

Round Key 1:
a0 88 23 2a
fa 54 a3 6c
fe 2c 39 76
17 b1 39 05


In [3]:
state = [
    [0x01, 0x02, 0x03, 0x04],
    [0x05, 0x06, 0x07, 0x08],
    [0x09, 0x0a, 0x0b, 0x0c],
    [0x0d, 0x0e, 0x0f, 0x10],
]

round_key = [
    [0x10, 0x0f, 0x0e, 0x0d],
    [0x0c, 0x0b, 0x0a, 0x09],
    [0x08, 0x07, 0x06, 0x05],
    [0x04, 0x03, 0x02, 0x01],
]

result = AES.add_round_key(state, round_key)

for row in result:
    print(" ".join(f"{b:02x}" for b in row))


11 0d 0d 09
09 0d 0d 01
01 0d 0d 09
09 0d 0d 11


In [4]:
state = [
    [0x00, 0x01, 0x02, 0x03],
    [0x04, 0x05, 0x06, 0x07],
    [0x08, 0x09, 0x0a, 0x0b],
    [0x0c, 0x0d, 0x0e, 0x0f],
]

result = AES.byte_substitution(state)

for row in result:
    print(" ".join(f"{b:02x}" for b in row))


63 7c 77 7b
f2 6b 6f c5
30 01 67 2b
fe d7 ab 76


In [5]:
state = [
    [0x00, 0x01, 0x02, 0x03],
    [0x10, 0x11, 0x12, 0x13],
    [0x20, 0x21, 0x22, 0x23],
    [0x30, 0x31, 0x32, 0x33],
]

result = AES.shift_rows(state)

for row in result:
    print(" ".join(f"{b:02x}" for b in row))


00 01 02 03
11 12 13 10
22 23 20 21
33 30 31 32


In [6]:
state = [
    [0xdb, 0xf2, 0x01, 0xc6],
    [0x13, 0x0a, 0x01, 0xc6],
    [0x53, 0x22, 0x01, 0xc6],
    [0x45, 0x5c, 0x01, 0xc6],
]

result = AES.mix_column(state)

for row in result:
    print(" ".join(f"{b:02x}" for b in row))


8e 9f 01 c6
4d dc 01 c6
a1 58 01 c6
bc 9d 01 c6


In [7]:
state = [
    [0xdb, 0xf2, 0x01, 0xc6],
    [0x13, 0x0a, 0x01, 0xc6],
    [0x53, 0x22, 0x01, 0xc6],
    [0x45, 0x5c, 0x01, 0xc6]
]

expected = [
    [0x8e, 0x9f, 0x01, 0xc6],
    [0x4d, 0xdc, 0x01, 0xc6],
    [0xa1, 0x58, 0x01, 0xc6],
    [0xbc, 0x9d, 0x01, 0xc6]
]

result = AES.mix_column(state)

# Print results nicely
for r_row, e_row in zip(result, expected):
    print("Result:   ", " ".join(f"{b:02x}" for b in r_row))
    print("Expected: ", " ".join(f"{b:02x}" for b in e_row))
    print("Match?   ", r_row == e_row)
    print()


Result:    8e 9f 01 c6
Expected:  8e 9f 01 c6
Match?    True

Result:    4d dc 01 c6
Expected:  4d dc 01 c6
Match?    True

Result:    a1 58 01 c6
Expected:  a1 58 01 c6
Match?    True

Result:    bc 9d 01 c6
Expected:  bc 9d 01 c6
Match?    True



In [8]:
b = bytes(range(16))
m = AES.to_matrix(b)
print("Matrix:")
for row in m:
    print(" ".join(f"{x:02x}" for x in row))

print("\nBack to bytes:")
print(AES.to_bytes(m).hex())

print("\nOriginal:")
print(b.hex())

assert AES.to_bytes(m) == b

Matrix:
00 04 08 0c
01 05 09 0d
02 06 0a 0e
03 07 0b 0f

Back to bytes:
000102030405060708090a0b0c0d0e0f

Original:
000102030405060708090a0b0c0d0e0f


In [2]:
key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
plaintext = bytes.fromhex("3243f6a8885a308d313198a2e0370734")

aes = AES(key)
ciphertext = aes.encrypt(plaintext)

print("Ciphertext:", ciphertext.hex())
print("Expected:  ", "3925841d02dc09fbdc118597196a0b32")
print("✅ Match?  ", ciphertext.hex() == "3925841d02dc09fbdc118597196a0b32")

Ciphertext: 3925841d02dc09fbdc118597196a0b32
Expected:   3925841d02dc09fbdc118597196a0b32
✅ Match?   True


In [3]:
key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
plaintext = bytes.fromhex("00112233445566778899aabbccddeeff")
expected_ciphertext = "69c4e0d86a7b0430d8cdb78070b4c55a"

"""key = bytes.fromhex("00000000000000000000000000000000")
plaintext = bytes.fromhex("00000000000000000000000000000000")
expected_ciphertext = "66e94bd4ef8a2c3b884cfa59ca342b2e"""

"""key = bytes.fromhex("ffffffffffffffffffffffffffffffff")
plaintext = bytes.fromhex("ffffffffffffffffffffffffffffffff")
expected_ciphertext = "a1f6258c877d5fcd8964484538bfc92c"""

"""key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
plaintext = bytes.fromhex("3243f6a8885a308d313198a2e0370734")
expected_ciphertext = "3925841d02dc09fbdc118597196a0b32"""

aes = AES(key)
ciphertext = aes.encrypt(plaintext)

print("Result:   ", ciphertext.hex())
print("Expected: ", expected_ciphertext)
print("Match?    ", ciphertext.hex() == expected_ciphertext)

Result:    69c4e0d86a7b0430d8cdb78070b4c55a
Expected:  69c4e0d86a7b0430d8cdb78070b4c55a
Match?     True


In [21]:
for round_idx, matrix in enumerate(aes.key_expansion()):
    print(f"Round {round_idx}:")
    for row in matrix:
        print(" ".join(f"{b:02x}" for b in row))


Round 0:
ff ff ff ff
ff ff ff ff
ff ff ff ff
ff ff ff ff
Round 1:
e8 17 e8 17
e9 16 e9 16
e9 16 e9 16
e9 16 e9 16
Round 2:
ad ba 52 45
ae b8 51 47
ae b8 51 47
19 0f e6 f0
Round 3:
09 b3 e1 a4
0e b6 e7 a0
22 9a cb 8c
77 78 9e 6e
Round 4:
e1 52 b3 17
6a dc 3b 9b
bd 27 ec 60
3e 46 d8 b6
Round 5:
e5 b7 04 13
ba 66 5d c6
f3 d4 38 58
ce 88 50 e6
Round 6:
71 c6 c2 d1
d0 b6 eb 2d
7d a9 91 c9
b3 3b 6b 8d
Round 7:
e9 2f ed 3c
0d bb 50 7d
20 89 18 d1
8d b6 dd 50
Round 8:
96 b9 54 68
33 88 d8 a5
73 fa e2 33
66 d0 0d 5d
Round 9:
8b 32 66 0e
f0 78 a0 05
3f c5 27 14
23 f3 fe a3
Round 10:
d6 e4 82 8c
0a 72 d2 d7
35 f0 d7 c3
88 7b 85 26


In [4]:
input_bytes = bytes(range(16))
aes = AES(key)
AES.to_bytes(AES.to_matrix(input_bytes))

b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f'

### Add Round Key

The AddRoundKey transformation is the first and last step in the AES round structure. It performs a bitwise XOR between the current 4x4 state matrix and a round-specific subkey generated through key expansion. This step is simple yet vital, as it introduces the key-dependent variation at every round, ensuring that the encryption is tied to the secret key. Since XOR is its own inverse, this transformation is easily reversible during decryption [1].

### Substitution Bytes

The SubBytes operation provides non-linearity to the cipher by substituting each byte of the state using a substitution box (S-box). This S-box is constructed using the multiplicative inverse over GF(2^8), followed by an affine transformation. It enhances resistance against linear and differential cryptanalysis by ensuring that small changes in input create unpredictable output differences [3].

### Shift Rows

ShiftRows is a permutation step that cyclically shifts each row of the state matrix to the left by a certain number of bytes: the second row by 1, the third by 2, and the fourth by 3 positions. This operation spreads the byte positions across columns, contributing to diffusion by ensuring that the effect of a single byte affects multiple columns over rounds [4].

### Mix Columns

The MixColumns step transforms each column of the state matrix using polynomial multiplication in GF(2^8) with a fixed matrix. It blends the four bytes in each column, creating dependency between them. This step is essential for diffusion, ensuring that a change in one byte impacts all four bytes in the column [1]. It is skipped in the final round to simplify decryption.

### Key Expansion

Key Expansion (also known as the key schedule) takes the original cipher key and expands it into an array of round keys. This process uses byte substitution, rotation, and the addition of round constants to ensure that each round key is unique and non-linearly related to the original key. For AES-128, 11 round keys are generated: one for the initial key addition and ten for the rounds [5].

### Encryption

The encryption process consists of:

*Initial AddRoundKey

*9 rounds of: SubBytes → ShiftRows → MixColumns → AddRoundKey

*Final round: SubBytes → ShiftRows → AddRoundKey (no MixColumns)

Each transformation plays a critical role in strengthening the cipher against various attacks, from linear cryptanalysis to differential cryptanalysis [4].

## AES Diffusion and Confusion

Claude Shannon emphasized two principles for secure cipher design: confusion, which hides the relationship between ciphertext and key, and diffusion, which spreads plaintext information across the ciphertext [2].To test diffusion, a single-bit flip was introduced in the plaintext. The number of differing bits in the ciphertext was measured using Hamming distance. A high Hamming distance indicates good diffusion, as the effect of the bit flip propagates through the entire block.Likewise, confusion was assessed by modifying a single bit in the key. AES demonstrated high confusion, as even minor key changes significantly altered the output [6].

In [17]:
import matplotlib.pyplot as plt

def run_monte_carlo(function, num_rounds=None, num_trials=1000):
    distances = []
    for i in range(num_trials):
        distance = function(num_rounds)
        distances.append(distance)
    return distances

In [None]:
diffusion_results = run_monte_carlo(aes_diffusion, num_rounds=1, num_trials=1000)
confusion_results = run_monte_carlo(aes_confusion, num_rounds=10, num_trials=1000)

## Conclusion

AES remains a gold standard in symmetric encryption due to its elegant combination of speed, security, and simplicity. Its structured design incorporating non-linearity (SubBytes), mixing (MixColumns), and key variation (Key Expansion) makes it robust against classical and modern attacks. By analyzing diffusion and confusion empirically, we confirmed that AES effectively masks both the plaintext and key within the ciphertext, satisfying core cryptographic goals.

## References

[1] National Institute of Standards and Technology (NIST). FIPS PUB 197: Advanced Encryption Standard (AES). 2001.

[2] Shannon C. Communication theory of secrecy systems. Bell System Technical Journal. 1949;28(4):656–715.

[3] Daemen J, Rijmen V. The Design of Rijndael: AES—The Advanced Encryption Standard. Springer-Verlag; 2002.

[4] Stallings W. Cryptography and Network Security: Principles and Practice. 8th ed. Pearson; 2023.

[5] National Institute of Standards and Technology. AES Known Answer Test Vectors. 2001.

[6] Paar C, Pelzl J. Understanding Cryptography: A Textbook for Students and Practitioners. 2nd ed. Springer; 2018.